azure-containerregistry-py
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (INFO): The skill installs the official Azure Container Registry SDK for Python.
  - Evidence: Found in the `pip install azure-containerregistry` command in SKILL.md.
  - Trust Status: This package is provided by Microsoft, a trusted organization, so the finding is downgraded to INFO per [TRUST-SCOPE-RULE].
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its processing of untrusted external content alongside high-privilege capabilities.
  - Ingestion Points: The skill ingests untrusted data from the registry via `list_repository_names`, `list_tag_properties`, and `list_manifest_properties` (SKILL.md).
  - Boundary Markers: Absent. There are no delimiters or instructions to ignore embedded commands within the retrieved metadata.
  - Capability Inventory: The skill has destructive and modification capabilities, including `delete_repository`, `delete_manifest`, `delete_tag`, and `update_repository_properties` (SKILL.md).
  - Sanitization: Absent. Data retrieved from the registry is used directly in logic and displayed without validation or escaping.
  - Risk: Maliciously named resources (e.g., a repository named to contain an injection payload) could influence the agent to execute unintended deletion commands or leak metadata.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata